=================================================================== RCS file: /home/ncvs/src/contrib/sendmail/smrsh/smrsh.c,v retrieving revision 1.3.6.5 retrieving revision 1.3.6.5.4.1 diff -u -p -r1.3.6.5 -r1.3.6.5.4.1 --- contrib/sendmail/smrsh/smrsh.c 2001/06/09 17:40:38 1.3.6.5 +++ contrib/sendmail/smrsh/smrsh.c 2002/10/26 21:10:59 1.3.6.5.4.1 @@ -59,6 +59,8 @@ static char id[] = "@(#)$Id: smrsh.c,v 8 #include #include #include +#include +#include #include #include #include @@ -156,6 +158,7 @@ main(argc, argv) char cmdbuf[1000]; char pathbuf[1000]; char specialbuf[32]; + struct stat st; #ifndef DEBUG # ifndef LOG_MAIL @@ -293,6 +296,36 @@ main(argc, argv) #ifdef DEBUG printf("Trying %s\n", cmdbuf); #endif /* DEBUG */ + if (stat(cmdbuf, &st) < 0) + { + /* can't stat it */ + (void) fprintf(stderr, "%s: %s not available for sendmail programs (stat failed)\n", + prg, cmd); + if (p != NULL) + *p = ' '; +#ifndef DEBUG + syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)", + (int) getuid(), cmd); +#endif /* ! DEBUG */ + exit(EX_UNAVAILABLE); + } + if (!S_ISREG(st.st_mode) +#ifdef S_ISLNK + && !S_ISLNK(st.st_mode) +#endif /* S_ISLNK */ + ) + { + /* can't stat it */ + (void) fprintf(stderr, "%s: %s not available for sendmail programs (not a file)\n", + prg, cmd); + if (p != NULL) + *p = ' '; +#ifndef DEBUG + syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)", + (int) getuid(), cmd); +#endif /* ! DEBUG */ + exit(EX_UNAVAILABLE); + } if (access(cmdbuf, X_OK) < 0) { /* oops.... crack attack possiblity */